diff options
author | Rich Megginson <rmeggins@redhat.com> | 2017-05-24 10:48:49 -0600 |
---|---|---|
committer | Rich Megginson <rmeggins@redhat.com> | 2017-06-07 19:38:50 -0600 |
commit | 3973b9fd6fcb80c639c1435e017976319b8c08df (patch) | |
tree | 98749395d4a8afb95a3e09bb29a17628b3d895e2 /roles/openshift_logging_elasticsearch/templates | |
parent | edf1d68ff01b6fc448b721c04d57ac39f80c07da (diff) | |
download | openshift-3973b9fd6fcb80c639c1435e017976319b8c08df.tar.gz openshift-3973b9fd6fcb80c639c1435e017976319b8c08df.tar.bz2 openshift-3973b9fd6fcb80c639c1435e017976319b8c08df.tar.xz openshift-3973b9fd6fcb80c639c1435e017976319b8c08df.zip |
fix es routes for new logging roles
port the code that creates the external Elasticsearch routes to the
new logging roles
Have to suppress this error message:
SSL Problem illegal change cipher spec msg, conn state = 6, handshake state = 1
which is coming from the router health check, until
https://github.com/openshift/origin/issues/14515
is fixed - otherwise, the es log is spammed relentlessly
Diffstat (limited to 'roles/openshift_logging_elasticsearch/templates')
-rw-r--r-- | roles/openshift_logging_elasticsearch/templates/elasticsearch-logging.yml.j2 | 12 | ||||
-rw-r--r-- | roles/openshift_logging_elasticsearch/templates/route_reencrypt.j2 | 36 |
2 files changed, 48 insertions, 0 deletions
diff --git a/roles/openshift_logging_elasticsearch/templates/elasticsearch-logging.yml.j2 b/roles/openshift_logging_elasticsearch/templates/elasticsearch-logging.yml.j2 index 377abe21f..38948ba2f 100644 --- a/roles/openshift_logging_elasticsearch/templates/elasticsearch-logging.yml.j2 +++ b/roles/openshift_logging_elasticsearch/templates/elasticsearch-logging.yml.j2 @@ -35,6 +35,12 @@ appender: layout: type: consolePattern conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" + # need this filter until https://github.com/openshift/origin/issues/14515 is fixed + filter: + 1: + type: org.apache.log4j.varia.StringMatchFilter + StringToMatch: "SSL Problem illegal change cipher spec msg, conn state = 6, handshake state = 1" + AcceptOnMatch: false file: type: dailyRollingFile @@ -43,6 +49,12 @@ appender: layout: type: pattern conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" + # need this filter until https://github.com/openshift/origin/issues/14515 is fixed + filter: + 1: + type: org.apache.log4j.varia.StringMatchFilter + StringToMatch: "SSL Problem illegal change cipher spec msg, conn state = 6, handshake state = 1" + AcceptOnMatch: false # Use the following log4j-extras RollingFileAppender to enable gzip compression of log files. # For more information see https://logging.apache.org/log4j/extras/apidocs/org/apache/log4j/rolling/RollingFileAppender.html diff --git a/roles/openshift_logging_elasticsearch/templates/route_reencrypt.j2 b/roles/openshift_logging_elasticsearch/templates/route_reencrypt.j2 new file mode 100644 index 000000000..cf8a9e65f --- /dev/null +++ b/roles/openshift_logging_elasticsearch/templates/route_reencrypt.j2 @@ -0,0 +1,36 @@ +apiVersion: "v1" +kind: "Route" +metadata: + name: "{{obj_name}}" +{% if labels is defined%} + labels: +{% for key, value in labels.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% endif %} +spec: + host: {{ route_host }} + tls: +{% if tls_key is defined and tls_key | length > 0 %} + key: | +{{ tls_key|indent(6, true) }} +{% if tls_cert is defined and tls_cert | length > 0 %} + certificate: | +{{ tls_cert|indent(6, true) }} +{% endif %} +{% endif %} + caCertificate: | +{% for line in tls_ca_cert.split('\n') %} + {{ line }} +{% endfor %} + destinationCACertificate: | +{% for line in tls_dest_ca_cert.split('\n') %} + {{ line }} +{% endfor %} + termination: reencrypt +{% if edge_term_policy is defined and edge_term_policy | length > 0 %} + insecureEdgeTerminationPolicy: {{ edge_term_policy }} +{% endif %} + to: + kind: Service + name: {{ service_name }} |